A recent demonstration of how GPUs can speed things up, and not always for the greater good, came in the form of a 25 GPU machine that could crack passwords in minutes - but what exactly does "crack a password" mean?

If you are not a security expert then presumably you might well think that a machine that is fast enough to crack your password is a very dangerous thing. You might even start to wonder if any of your memorable passwords are worth the effort. However, you need to understand just a little more about the way passwords work to appreciate the subtlety of what is going on.

Consider the problem of implementing a password system. You could store the password for each user in a file along with their other data. In this case the user would enter the password, the system would look up the password in the file and allow or deny the access based on the match. This is a very simple approach and it was used by early systems. For example, Unix originally stored passwords exactly as typed along with other user information in a text file. You can see that in this case security is all based on the inability to read the password file unless you have the permission to do so.

If the password file gets into the wrong hands, by whatever method, then all of the users passwords are compromised. After this actually happened a few times things became a little more sophisticated. Eventually we arrived at the solution used today, which is to hash the password using a cryptographically tested hash function.

Such a hash function is "strongly one-way" that is you can easily compute y=H(x), but given y, working out x is very difficult. In this scheme what happens is that when the user sets a password the hash function is applied h=H(p) and only the hash value h is stored in the pasword file. When the user logs on then the hash function is applied to the password and if it matches the stored hash then the user is allowed access.

You can see the advantage of this method. If the password file is stolen it really doesn't do much harm because you can't log on using just the hash value h, you need the password p and while getting h from p is easy getting p from h is very difficult - unless you have a super computer.

This is what was presented at the Passwords^12 Conference in Oslo. The super computer in question was a cluster of GPUs in a set of 4U servers. It had a total of 25 AMD Radeon GPUs which burned 7Kw of electricity. The system was bound together by VIrtual Open CL (VCL) which allowed OpenCL to work with the GPUs as if they were all installed in the same processor. To make this work the servers were connected using 10Gbps Infiniband networking - there doesn't seem to be a possibility of making servers work as one over a slow internet connection. The password cracking software used was Hashcat modified to support multiple GPUs. In theory it could have managed to work with 128 GPUS had they been available.

The results of this easy-to-build supercomputer are impressive. It can test 348 billion hash values as used by NT Lan Manager (NTLM) per second. For example, Windows XP uses a short password with some simple hashing and its passwords can be broken in about 6 minutes. The stronger NTLM takes about five and a half hours for an 8-character password.

However, things are not all lost as more complex hash functions such as md5crypt and sa512crypt take much longer but the simpler methods - notably Microsoft's LM and NTLM hash methods are very easy to crack.

Of course, all of this presupposes that the attacker has the password hash files. The same methods could not be used as a brute force attack on an app or a website simply because of the difficulty of entering the number of possible passwords in a reasonable time. Notice, however, that if a password file is cracked then all of the website and apps that you protect with that password become compromised. Clearly reusing passwords isn't a good idea.

It also looks as if VCL provides a workable way to make use of multiple GPUs to tackle other OpenCL computations in a very cost effective way.

Pi day is the 14th of March every year because 3.14 are the first three digits of Pi but this year the date is 3/14/15 and these are the first five digits of Pi - 3.1415. This only happens once per [ ... ]